CVE-2021-23338
MEDIUMqlib < 0.7.0 - Remote Code Execution via Unsafe YAML Deserialization
Title source: llmDescription
This affects all versions of package qlib. The workflow function in cli part of qlib was using an unsafe YAML load function.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-PYTHON-QLIB-1054635
Exploit, Patch, Third Party Advisory x_refsource_misc
https://github.com/418sec/huntr/pull/1329
Scores
CVSS v3
6.6
EPSS
0.0355
EPSS Percentile
87.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-502
Status
published
Products (2)
microsoft/qlib
pypi/pyqlib
0 - 0.7.0PyPI
Published
Feb 15, 2021
Tracked Since
Feb 18, 2026